diff options
author | jwise <jwise> | 2002-12-31 19:36:26 +0000 |
---|---|---|
committer | jwise <jwise> | 2002-12-31 19:36:26 +0000 |
commit | ae2ea396ad7eb5f7d7b7483670f5d1d75d66ceb5 (patch) | |
tree | 5d109a737c810686eb4f2dbbe96e6e284cb7f07b /mail | |
parent | e200caeb259ae659bad84da4b4ea4f129b59b1d6 (diff) | |
download | pkgsrc-ae2ea396ad7eb5f7d7b7483670f5d1d75d66ceb5.tar.gz |
Update mhonarc to version 2.5.14. Changes since 2.5.11 (the last pkgsrc
version) include:
============================================================================
2002/12/21 (2.5.14)
* Security patch release: This release fixes a cross-site scripting
(XSS) vulnerability in m2h_text_html::filter (the HTML filter).
A specially crafted HTML message can have scripting markup get
by the script filtering done by m2h_text_html::filter.
============================================================================
2002/10/21 (2.5.13)
* Bug Fixes: See
<http://savannah.gnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.5.13&chunksz=50>
* DBFILE resource can now be set to an absolute pathname. This
allows the database file to be located in a separate location than
in the archive directory. If not an absolute pathname, then
value is treated relative to OUTDIR.
* readmail.pl updated to handle MHTML messages better. mhtxthtml.pl
changed accordingly.
* readmail.pl handling of malformed multipart messages improved.
Cases were a the terminating boundary delimiter did not exist would
generate a warning message in the converted message body that data
could not be converted. This case should now be handled so that
end of entitiy implies a terminating boundary delimiter,
(Thanks goto Randy Blaustein for providing real-world test cases).
* Fixed problem where some message attachments were "lost". This
mainly occurs when using mha-decode with the -dcd-digest option,
or if you have registered the m2h_external::filter for message/*
data types.
(Thanks goto Steve Johnson for finding this problem.)
* m2h_external::filter will now include the subject of a message
in the attachment link if saving message/* data to a file.
* m2h_external::filter properly escapes the filename parameter
when displaying it in the attachment link. This is done to
avoid any possible XSS exploits. Note, no exploits have been
reported by using the filename parameter in messages, so this
change is more of a preemptive measure.
* m2h_external::filter will fall back to a "txt" extension for
unknown text types instead of a "bin" extension.
* m2h_text_plain::filter: Removed hardcoded 'as-is' for US-ASCII
data. This is so a user could define a converter if having to deal
with mislabeled character data.
(Thanks goto Mooffie for finally finding a real-world case to not
hardcode us-ascii).
============================================================================
2002/09/03 (2.5.12)
* Strip more tags and attributes that could potentially be used for
XSS exploits in the HTML filter. This is a more of a preemptive
change since no new exploits have been reported.
* DATEFIELDS resource now supports indexed field names. For example:
<DateFields>
received[1]:received[0]:date
</DateFields>
The example says that mhonarc should check the second received
field, then the first received field, and then the first date field
to determine the date of a message.
Diffstat (limited to 'mail')
-rw-r--r-- | mail/mhonarc/Makefile | 6 | ||||
-rw-r--r-- | mail/mhonarc/distinfo | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/mail/mhonarc/Makefile b/mail/mhonarc/Makefile index ad8aac6d5f7..a9525fde28c 100644 --- a/mail/mhonarc/Makefile +++ b/mail/mhonarc/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.10 2002/08/23 01:48:26 grant Exp $ +# $NetBSD: Makefile,v 1.11 2002/12/31 19:36:26 jwise Exp $ # -DISTNAME= MHonArc2.5.11 -PKGNAME= mhonarc-2.5.11 +DISTNAME= MHonArc2.5.14 +PKGNAME= mhonarc-2.5.14 CATEGORIES= mail MASTER_SITES= http://www.oac.uci.edu/indiv/ehood/tar/ \ ftp://hhobel.phl.univie.ac.at/MHonArc/ diff --git a/mail/mhonarc/distinfo b/mail/mhonarc/distinfo index 1aa6db87e4e..5b29413cad4 100644 --- a/mail/mhonarc/distinfo +++ b/mail/mhonarc/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.6 2002/08/23 01:48:25 grant Exp $ +$NetBSD: distinfo,v 1.7 2002/12/31 19:36:27 jwise Exp $ -SHA1 (MHonArc2.5.11.tar.bz2) = 65960e6cfe8056efacbd90936eb00d88ec9ddad5 -Size (MHonArc2.5.11.tar.bz2) = 467400 bytes +SHA1 (MHonArc2.5.14.tar.bz2) = 88f2d8140b60eafd64fe27783cda11c676ffada4 +Size (MHonArc2.5.14.tar.bz2) = 476212 bytes |